Army warns of ID theft from Stratfor hack
The Army is warning users of its Army Knowledge Online portal to beware of identity theft following the recent Anonymous hack of intelligence analysis company Strategic Forecasting.
The hack over Christmas weekend netted information on hundreds of thousands of accounts, including e-mail addresses and thousands of credit card numbers that Anonymous later posted online.
AKO is warning users about the possibility of identify theft as a result of the hack and is asking anyone who had registered with Stratfor to monitor their credit card statements, change online passwords and report any evidence of fraud to the Army’s Criminal Investigative Command, Stars and Stripes reported.
Anonymous hack of intell company Stratfor was all too easy
Stratfor, which gathers and supplies security-related intelligence reports to a variety of clients, including the Defense Department and contractor Lockheed Martin, has been known for its secrecy and its confidential client list, according to an entry on Wikipedia.
However, Anonymous has said the hack was relatively easy because the credit card data it took was not encrypted, the Wall Street Journal reported.
Cameron Camp of the ESET Threat Blog also noted that hackers used a dictionary attack to crack passwords, finding passwords such as “password” and “password1.”
Among the data published on the Web was information on former Vice President Dan Quayle, former Secretary of State Henry Kissinger and former CIA Director Jim Woolsey. As many as 860,000 accounts may have been exposed, including information on individuals who are no longer active clients of the company. Organizations on Anonymous’ list include the Army and Air Force; the Energy, Justice and Treasury departments; the Miami Police Department; Apple; and several other defense contractors.
Stratfor has taken its website offline, except for a notice on its homepage referring to the attack and saying the company was performing a security review before restoring its site. Meanwhile, it is issuing updates via its Facebook page and Twitter feed.
An Anonymous posting has said the attack was a response to the pending court-martial of Army Pfc. Bradley Manning, who is accused of giving classified information to the WikiLeaks website. The hacker group has threatened to release more information from the breach and on its Twitter feed has suggested that more hacks are forthcoming.
Another goal of the Stratfor attack, according to one hacker, was to use the stolen credit card data to make holiday donations to charities, and several clients have reported those kinds of transactions, the Journal reported.
Allen Barr, who had dealt with bank-related cyber crime for the Texas Department of Banking before retiring recently, told the Journal that $700 had been charged to his credit card account in donations to charities such as the Red Cross and CARE.
Card holders who suspect fraud can challenge the charges and contact one of the three main credit bureaus to submit a fraud alert, the Army's warning notes.
Kevin McCaney is a former editor of Defense Systems and GCN.